DOCSLIB.ORG

Development of a Model for Applying Correlation Cryptanalysis to Filtering Generators

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Development of a Model for Applying Correlation Cryptanalysis to Filtering Generators NOVATEUR PUBLICATIONS JournalNX- A Multidisciplinary Peer Reviewed Journal ISSN No: 2581 - 4230 VOLUME 6, ISSUE 5, May -2020 DEVELOPMENT OF A MODEL FOR APPLYING CORRELATION CRYPTANALYSIS TO FILTERING GENERATORS ABDURAKHIMOV BAKHTIYOR FAYZIEVICH Professor, Doctor of Physics and Mathematics, National university of Uzbekistan, +998935143137, [email protected] BOYKUZIEV ILKHOM MARDANAKULOVICH PhD Student, National university of Uzbekistan, +998909779300, [email protected] SHONAZAROV SOATMUROD KULMURODOVICH Teacher, Termez state university, +998996760166, [email protected] ZIYAKULOVA SHAKHNOZA ABDURASULOVNA Teacher, Termez state university, +998905208923, [email protected] ABSTRACT: Proposed mathematical model and This article is devoted to problems of software can be used for estimation of cryptanalysis. Cryptographic analysis stability of the algorithm of the flow crypto results, got from using of correlation operation to correlation cryptanalysis, as cryptanalysis method to algorithm of the well as in scholastic purpose. flow crypto operation, founded on register of KEYWORDS: cryptanalysis, stream ciphers, the shift with feedback, were presented in shift registers, LILI-128, filtering, work. For estimation of the flow crypto correlation operation algorithm’s crypto stability by correlation cryptanalysis method, number INTRODUCTION: of important tasks was defined, purposes and problems of the study were determined. Ensuring information security requires As a result of defined tasks decision, relatively fast cryptographic tools, not only as mathematical model and software of the exchange of documentary information correlation cryptanalysis method to flow transmitted over the network increases, but crypto operation to filtering LILI-128 – were also as the exchange of multimedia, that is, video developed. Results has shown, that and audio, increases. Therefore, the use of characteristic of correlation immunity of stream encryption algorithms in local and global filtering functions, used in filtering networks has become an urgent problem[1,2]. generator, provide stability to correlation When analyzing stream encryption cryptanalysis method. Execution with big algorithms, in contrast to block encryption probability of stat-analogical function, algorithms, although many original ideas and defined in process of cryptanalysis, raises directions for creating stream encryption the efficiency of cryptanalysis. cryptographic algorithms were developed in this area, there is no single way to express270 | Page their commonality[3]. NOVATEUR PUBLICATIONS JournalNX- A Multidisciplinary Peer Reviewed Journal ISSN No: 2581 - 4230 VOLUME 6, ISSUE 5, May -2020 Therefore, it is important to conduct research in the field of continuous encryption algorithms and modern methods for assessing their cryptographic strength. Due to the design features of continuous encryption algorithms, the most common type of attack is a correlation attack. If a non-linear function transfers information about its internal components to the output, the work required to open such a system is greatly reduced. However, such a function is always available[4]. According to this axiom, correlation attacks use the correlation between a sequence leaving an st nd Figure 1. Scheme of 1 and 2 generators encryption scheme and a sequence leaving i1 i2 ik l(x) = x ⊕ x ⊕ … ⊕ x ⊕ b depending registers[5,6,7]. METHODOLOGY: on the value of the free variable b (b =0 ва b = 1)nd 2.0 Correlation cryptanalysis method for in linear stanology, the operation of the 2 filter generators generator can be expressed using one of the schemes shown in the figure 2. There are several methods of correlation cryptanalysis applied to continuous encryption algorithms based on filter generators. Underlying these approaches is the use of linear statanalogs of the filtering function. Suppose that in a filter generator there is a linear feedback shift register of length n, 1 n n 1 1 n φ(x ,...,x ) = c x ⊕ … ⊕ c x is the feedback n n 1 function of the register, C(D) = c D ⊕ … ⊕ c D nd ⊕ 1 is its characteristic multiplication, and f 1 n Figure 2. Operating∞ status of 2 generator (x ,...,x ) is a filtering function, let the linear ij i1 i2 The series S } are different recurrence statanology of the function f(x) be l(x) = x ⊕ x ik sequences formed by one shift register with a 1 n ⊕ … ⊕ x ⊕ b . The probability that the feedback function φ(x ,...,x ), length n. From the function f (x) and its statonology coincide with known results on the linear complexity of the l(x) is: Prob{f(x) = l(x)} = 1/2 + a/2 [5]. Where sum of linear recurrence sequences and the – is the maximum value of linear complexity of inverted sequences, it can the normalized modulus of the Fourierst be seen that the length of the sequence {y’(t)} is coefficient. We call this given generator 1 n, and the feedback function is still equal to 1 n n 1 1 n generator. Filter generator with a similar shift φ(x ,...,x ) = c x ⊕ … ⊕ c x or length n + 1 and register, but with a filter functionnd l(x). This multiplication of the characteristic n n+1 n n-1 n n-1 n-2 n- generator is called the 2 generator. The C’(D) = c D ⊕(c ⊕c )D ⊕(c ⊕c )D 1 2 1 2 1 following symbols {y(t)} and {y’(t)} denote the ⊕…⊕(c ⊕c )D ⊕(c ⊕1)D⊕1 (1) i output sequences generated by the generators 1 which is made using offset sizes. Where c is the 1 n and 2, respectively, when the initial filled state coefficient of the feedback φ(x ,...,x ) function. is the same (Figure 1). 271 | Page NOVATEUR PUBLICATIONS JournalNX- A Multidisciplinary Peer Reviewed Journal ISSN No: 2581 - 4230 VOLUME 6, ISSUE 5, May -2020 Thus, instead of the 2nd generator, we can take before. In this case, therd bits of the output a look at the equivalent 3-generator (Figure 3). sequence {y’(t)} of the 3 generator correspond Therefore, in the case b = 0, the register length to the bits of the-m sequence {y(t)} with a is L=n, and the feedback function is φ’(x) = φ(x), probability of 1 – 2 . In this case, assuming that and in the case b = 1, the register length is all 2n bits of the sequence {y(t)} correspond to L=n+1, and the coefficient of the feedback bits of the sequence {y’(t)}, we can construct rda function C’(D) is determined from the feedback linear displacement registerst (3 characteristic coefficient of thend polynomial. generator) at the output of the 1 generator. Then rdthe output sequences of 2 generators Then this generator is used as a decoder with-m and 3 generators coincide and are equal to the correct decryption probability of 1 – 2 . {y’(t)}, and then the following equation holds forst Therefore, if the function f(x) hasst certain the elements ofnd the output sequences of 1 properties, the operation of the 1 generator generators and 2 generators: Prob{ y(t)= y’(t)} can be completely restored, that is, the unknown = 1/2 + a/2. feedback function and the initial state of the register can be determined. As a rule, to assess the reliability of the continuous encryption algorithm, the cryptanalyst is informed about the gamma sequence and internal structure of the generator, which come from a generator of a certain length. That is, the length of the register used in the generator, the feedback, and the Figure 3. Scheme of generator 3 appearance of the filter function are known. If the 1st generator is used to encrypt Based on this, using the two above some “ordinary” information and the parameter approaches, the method of correlation а is large enough, the 3rd generator can be used cryptanalysis is applied to the filter generator as Example 1. as a decoder, and errors can be eliminated follows. depending on the capabilities of the language. Let the above 1 be a Consider a situation that has the form: generator (Figure 4). It is known that this The feedback function of the above approach generator has an offset register of length 7 and st 1 n the 1 generator φ(x ,...,x ) is unknown, and the a filter function f(x) as follows: 1 1 2 3 4 5 6 7 filter function f(x) is as follows: f(x ,...,xn) = f(x) = x ⊕ x * x * x * x * x ⊕ x 1 2 m m+1 m+2 n. x *x *…*x ⊕ x ⊕ x ⊕…⊕ x The φ feedback function is as follows: 1 7 1 2 3 6 Where m ≤ n, n is the length of the displacement φ(x ,…,x ) = x ⊕ x ⊕ x ⊕ x dimensions. The linear statonology of the The initial filled state of the generator is m+1 n m+1 function f(x) is the function l(x ,…,x ) = x ⊕ unknown. m+2 n x ⊕…⊕ x with the probability-m of coincidence Prob{f(x) = l(x)} = 1 - 2 . In particular, for m ≥ 5, the probability is Prob{f(x) = l(x)} > 0,969. st Thus, if the filtering function f(x) in a 1 generator is replacednd by its linear statistical analog,rd the resulting 2 generator is equivalent to a 3 generator, i.e. there is an n-length shift register with the same feedback function as Figure 4. Filtering generator272 | Page NOVATEUR PUBLICATIONS JournalNX- A Multidisciplinary Peer Reviewed Journal ISSN No: 2581 - 4230 VOLUME 6, ISSUE 5, May -2020 nd However, at least 14 consecutive bits of The output bits of the 2 generator the output sequence {y(t)} are specified, let be: sequence y’(t) are calculated using a linear filter 1 7 00101001110010. The purpose of the analysis l(x) = x ⊕ x . is to find the initial state of the register. Thus, the following system of equations The linear statanology of the filter (4) is suitable: 1 7 function f(x) is the function l(x) = x ⊕ x .
Load more

Recommended publications
  • Grade 6 Reading Student At–Home Activity Packet
    Printer Warning: This packet is lengthy. Determine whether you want to print both sections, or only print Section 1 or 2. Grade 6 Reading Student At–Home Activity Packet This At–Home Activity packet includes two parts, Section 1 and Section 2, each with approximately 10 lessons in it. We recommend that your student complete one lesson each day. Most lessons can be completed independently. However, there are some lessons that would benefit from the support of an adult. If there is not an adult available to help, don’t worry! Just skip those lessons. Encourage your student to just do the best they can with this content—the most important thing is that they continue to work on their reading! Flip to see the Grade 6 Reading activities included in this packet! © 2020 Curriculum Associates, LLC. All rights reserved. Section 1 Table of Contents Grade 6 Reading Activities in Section 1 Lesson Resource Instructions Answer Key Page 1 Grade 6 Ready • Read the Guided Practice: Answers will vary. 10–11 Language Handbook, Introduction. Sample answers: Lesson 9 • Complete the 1. Wouldn’t it be fun to learn about Varying Sentence Guided Practice. insect colonies? Patterns • Complete the 2. When I looked at the museum map, Independent I noticed a new insect exhibit. Lesson 9 Varying Sentence Patterns Introduction Good writers use a variety of sentence types. They mix short and long sentences, and they find different ways to start sentences. Here are ways to improve your writing: Practice. Use different sentence types: statements, questions, imperatives, and exclamations. Use different sentence structures: simple, compound, complex, and compound-complex.
    [Show full text]
  • Vector Boolean Functions: Applications in Symmetric Cryptography
    Vector Boolean Functions: Applications in Symmetric Cryptography José Antonio Álvarez Cubero Departamento de Matemática Aplicada a las Tecnologías de la Información y las Comunicaciones Universidad Politécnica de Madrid This dissertation is submitted for the degree of Doctor Ingeniero de Telecomunicación Escuela Técnica Superior de Ingenieros de Telecomunicación November 2015 I would like to thank my wife, Isabel, for her love, kindness and support she has shown during the past years it has taken me to finalize this thesis. Furthermore I would also liketo thank my parents for their endless love and support. Last but not least, I would like to thank my loved ones such as my daughter and sisters who have supported me throughout entire process, both by keeping me harmonious and helping me putting pieces together. I will be grateful forever for your love. Declaration The following papers have been published or accepted for publication, and contain material based on the content of this thesis. 1. [7] Álvarez-Cubero, J. A. and Zufiria, P. J. (expected 2016). Algorithm xxx: VBF: A library of C++ classes for vector Boolean functions in cryptography. ACM Transactions on Mathematical Software. (In Press: http://toms.acm.org/Upcoming.html) 2. [6] Álvarez-Cubero, J. A. and Zufiria, P. J. (2012). Cryptographic Criteria on Vector Boolean Functions, chapter 3, pages 51–70. Cryptography and Security in Computing, Jaydip Sen (Ed.), http://www.intechopen.com/books/cryptography-and-security-in-computing/ cryptographic-criteria-on-vector-boolean-functions. (Published) 3. [5] Álvarez-Cubero, J. A. and Zufiria, P. J. (2010). A C++ class for analysing vector Boolean functions from a cryptographic perspective.
    [Show full text]
  • Internet Engineering Task Force (IETF) S. Kanno Request for Comments: 6367 NTT Software Corporation Category: Informational M
    Internet Engineering Task Force (IETF) S. Kanno Request for Comments: 6367 NTT Software Corporation Category: Informational M. Kanda ISSN: 2070-1721 NTT September 2011 Addition of the Camellia Cipher Suites to Transport Layer Security (TLS) Abstract This document specifies forty-two cipher suites for the Transport Security Layer (TLS) protocol to support the Camellia encryption algorithm as a block cipher. Status of This Memo This document is not an Internet Standards Track specification; it is published for informational purposes. This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Not all documents approved by the IESG are a candidate for any level of Internet Standard; see Section 2 of RFC 5741. Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc6367. Copyright Notice Copyright (c) 2011 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
    [Show full text]
  • Towards the Generation of a Dynamic Key-Dependent S-Box to Enhance Security
    Towards the Generation of a Dynamic Key-Dependent S-Box to Enhance Security 1 Grasha Jacob, 2 Dr. A. Murugan, 3Irine Viola 1Research and Development Centre, Bharathiar University, Coimbatore – 641046, India, [email protected] [Assoc. Prof., Dept. of Computer Science, Rani Anna Govt College for Women, Tirunelveli] 2 Assoc. Prof., Dept. of Computer Science, Dr. Ambedkar Govt Arts College, Chennai, India 3Assoc. Prof., Dept. of Computer Science, Womens Christian College, Nagercoil, India E-mail: [email protected] ABSTRACT Secure transmission of message was the concern of early men. Several techniques have been developed ever since to assure that the message is understandable only by the sender and the receiver while it would be meaningless to others. In this century, cryptography has gained much significance. This paper proposes a scheme to generate a Dynamic Key-dependent S-Box for the SubBytes Transformation used in Cryptographic Techniques. Keywords: Hamming weight, Hamming Distance, confidentiality, Dynamic Key dependent S-Box 1. INTRODUCTION Today communication networks transfer enormous volume of data. Information related to healthcare, defense and business transactions are either confidential or private and warranting security has become more and more challenging as many communication channels are arbitrated by attackers. Cryptographic techniques allow the sender and receiver to communicate secretly by transforming a plain message into meaningless form and then retransforming that back to its original form. Confidentiality is the foremost objective of cryptography. Even though cryptographic systems warrant security to sensitive information, various methods evolve every now and then like mushroom to crack and crash the cryptographic systems. NSA-approved Data Encryption Standard published in 1977 gained quick worldwide adoption.
    [Show full text]
  • Cryptographic Sponge Functions
    Cryptographic sponge functions Guido B1 Joan D1 Michaël P2 Gilles V A1 http://sponge.noekeon.org/ Version 0.1 1STMicroelectronics January 14, 2011 2NXP Semiconductors Cryptographic sponge functions 2 / 93 Contents 1 Introduction 7 1.1 Roots .......................................... 7 1.2 The sponge construction ............................... 8 1.3 Sponge as a reference of security claims ...................... 8 1.4 Sponge as a design tool ................................ 9 1.5 Sponge as a versatile cryptographic primitive ................... 9 1.6 Structure of this document .............................. 10 2 Definitions 11 2.1 Conventions and notation .............................. 11 2.1.1 Bitstrings .................................... 11 2.1.2 Padding rules ................................. 11 2.1.3 Random oracles, transformations and permutations ........... 12 2.2 The sponge construction ............................... 12 2.3 The duplex construction ............................... 13 2.4 Auxiliary functions .................................. 15 2.4.1 The absorbing function and path ...................... 15 2.4.2 The squeezing function ........................... 16 2.5 Primary aacks on a sponge function ........................ 16 3 Sponge applications 19 3.1 Basic techniques .................................... 19 3.1.1 Domain separation .............................. 19 3.1.2 Keying ..................................... 20 3.1.3 State precomputation ............................ 20 3.2 Modes of use of sponge functions .........................
    [Show full text]
  • Nessie Neutrally-Buoyant Elevated System for Satellite Imaging and Evaluation
    NESSIE NEUTRALLY-BUOYANT ELEVATED SYSTEM FOR SATELLITE IMAGING AND EVALUATION 1 Project Overview Space Situational Awareness (SSA) • Determine the orbital characteristics of objects in space Currently there are only two methods Radar • Expensive Telescopes • Cheaper, but can be blocked by cloud cover Both are fully booked and can't collect enough data Over 130,000,000 estimated objects in orbit 2 Introduction Solution Critical Project Elements Risk Analysis Schedule Our Mission: MANTA NESSIE • Full-Scale SSA UAV • Proof of concept vehicle • Operates at 18000ft • Operates at 400ft AGL • Fully realized optical Scale • Payload bay capability 1 : 2.5 payload • Mass 1 lb • Mass 15 lbs • Contained in 4.9” cube • Contained in 12” cube • Requires 5.6 W of Power • Requires 132 W of Power • Provide path to flight at full-scale 3 Introduction Solution Critical Project Elements Risk Analysis Schedule Stay on a 65,600 ft to 164,000 ft distance from takeoff spot Legend: 10 arcseconds object Requirements centroid identification 5. Point optical Dimness ≥ 13 accuracy, 3 sigma precision system, capture Operations flow apparent magnitude image, measure time and position 4. Pointing and stabilization check, 6. Store image autonomous flight and data 7. Start autonomous Loop descent to Ground Station when battery is low. Constantly downlink 3. Manual ascent position and status above clouds, uplink data to ground station 8. Manual landing, Max 18,000 altitude ft from ground station uplink from ground station 1. System 2. Unload/ Assembly/ Prep. Ground Station End of mission 14 transportation hours after first ascent 4 Land 300 ft (100 yards) from takeoff spot Stay within 400 ft of takeoff spot Legend: 4.
    [Show full text]
  • Study on the Use of Cryptographic Techniques in Europe
    Study on the use of cryptographic techniques in Europe [Deliverable – 2011-12-19] Updated on 2012-04-20 II Study on the use of cryptographic techniques in Europe Contributors to this report Authors: Edward Hamilton and Mischa Kriens of Analysys Mason Ltd Rodica Tirtea of ENISA Supervisor of the project: Rodica Tirtea of ENISA ENISA staff involved in the project: Demosthenes Ikonomou, Stefan Schiffner Agreements or Acknowledgements ENISA would like to thank the contributors and reviewers of this study. Study on the use of cryptographic techniques in Europe III About ENISA The European Network and Information Security Agency (ENISA) is a centre of network and information security expertise for the EU, its member states, the private sector and Europe’s citizens. ENISA works with these groups to develop advice and recommendations on good practice in information security. It assists EU member states in implementing relevant EU leg- islation and works to improve the resilience of Europe’s critical information infrastructure and networks. ENISA seeks to enhance existing expertise in EU member states by supporting the development of cross-border communities committed to improving network and information security throughout the EU. More information about ENISA and its work can be found at www.enisa.europa.eu. Contact details For contacting ENISA or for general enquiries on cryptography, please use the following de- tails: E-mail: [email protected] Internet: http://www.enisa.europa.eu Legal notice Notice must be taken that this publication represents the views and interpretations of the au- thors and editors, unless stated otherwise. This publication should not be construed to be a legal action of ENISA or the ENISA bodies unless adopted pursuant to the ENISA Regulation (EC) No 460/2004 as lastly amended by Regulation (EU) No 580/2011.
    [Show full text]
  • Security Evaluation of the K2 Stream Cipher
    Security Evaluation of the K2 Stream Cipher Editors: Andrey Bogdanov, Bart Preneel, and Vincent Rijmen Contributors: Andrey Bodganov, Nicky Mouha, Gautham Sekar, Elmar Tischhauser, Deniz Toz, Kerem Varıcı, Vesselin Velichkov, and Meiqin Wang Katholieke Universiteit Leuven Department of Electrical Engineering ESAT/SCD-COSIC Interdisciplinary Institute for BroadBand Technology (IBBT) Kasteelpark Arenberg 10, bus 2446 B-3001 Leuven-Heverlee, Belgium Version 1.1 | 7 March 2011 i Security Evaluation of K2 7 March 2011 Contents 1 Executive Summary 1 2 Linear Attacks 3 2.1 Overview . 3 2.2 Linear Relations for FSR-A and FSR-B . 3 2.3 Linear Approximation of the NLF . 5 2.4 Complexity Estimation . 5 3 Algebraic Attacks 6 4 Correlation Attacks 10 4.1 Introduction . 10 4.2 Combination Generators and Linear Complexity . 10 4.3 Description of the Correlation Attack . 11 4.4 Application of the Correlation Attack to KCipher-2 . 13 4.5 Fast Correlation Attacks . 14 5 Differential Attacks 14 5.1 Properties of Components . 14 5.1.1 Substitution . 15 5.1.2 Linear Permutation . 15 5.2 Key Ideas of the Attacks . 18 5.3 Related-Key Attacks . 19 5.4 Related-IV Attacks . 20 5.5 Related Key/IV Attacks . 21 5.6 Conclusion and Remarks . 21 6 Guess-and-Determine Attacks 25 6.1 Word-Oriented Guess-and-Determine . 25 6.2 Byte-Oriented Guess-and-Determine . 27 7 Period Considerations 28 8 Statistical Properties 29 9 Distinguishing Attacks 31 9.1 Preliminaries . 31 9.2 Mod n Cryptanalysis of Weakened KCipher-2 . 32 9.2.1 Other Reduced Versions of KCipher-2 .
    [Show full text]
  • Fast Correlation Attacks: Methods and Countermeasures
    Fast Correlation Attacks: Methods and Countermeasures Willi Meier FHNW, Switzerland Abstract. Fast correlation attacks have considerably evolved since their first appearance. They have lead to new design criteria of stream ciphers, and have found applications in other areas of communications and cryp- tography. In this paper, a review of the development of fast correlation attacks and their implications on the design of stream ciphers over the past two decades is given. Keywords: stream cipher, cryptanalysis, correlation attack. 1 Introduction In recent years, much effort has been put into a better understanding of the design and security of stream ciphers. Stream ciphers have been designed to be efficient either in constrained hardware or to have high efficiency in software. A synchronous stream cipher generates a pseudorandom sequence, the keystream, by a finite state machine whose initial state is determined as a function of the secret key and a public variable, the initialization vector. In an additive stream cipher, the ciphertext is obtained by bitwise addition of the keystream to the plaintext. We focus here on stream ciphers that are designed using simple devices like linear feedback shift registers (LFSRs). Such designs have been the main tar- get of correlation attacks. LFSRs are easy to implement and run efficiently in hardware. However such devices produce predictable output, and cannot be used directly for cryptographic applications. A common method aiming at destroy- ing the predictability of the output of such devices is to use their output as input of suitably designed non-linear functions that produce the keystream. As the attacks to be described later show, care has to be taken in the choice of these functions.
    [Show full text]
  • Stream Cipher Designs: a Review
    SCIENCE CHINA Information Sciences March 2020, Vol. 63 131101:1–131101:25 . REVIEW . https://doi.org/10.1007/s11432-018-9929-x Stream cipher designs: a review Lin JIAO1*, Yonglin HAO1 & Dengguo FENG1,2* 1 State Key Laboratory of Cryptology, Beijing 100878, China; 2 State Key Laboratory of Computer Science, Institute of Software, Chinese Academy of Sciences, Beijing 100190, China Received 13 August 2018/Accepted 30 June 2019/Published online 10 February 2020 Abstract Stream cipher is an important branch of symmetric cryptosystems, which takes obvious advan- tages in speed and scale of hardware implementation. It is suitable for using in the cases of massive data transfer or resource constraints, and has always been a hot and central research topic in cryptography. With the rapid development of network and communication technology, cipher algorithms play more and more crucial role in information security. Simultaneously, the application environment of cipher algorithms is in- creasingly complex, which challenges the existing cipher algorithms and calls for novel suitable designs. To accommodate new strict requirements and provide systematic scientific basis for future designs, this paper reviews the development history of stream ciphers, classifies and summarizes the design principles of typical stream ciphers in groups, briefly discusses the advantages and weakness of various stream ciphers in terms of security and implementation. Finally, it tries to foresee the prospective design directions of stream ciphers. Keywords stream cipher, survey, lightweight, authenticated encryption, homomorphic encryption Citation Jiao L, Hao Y L, Feng D G. Stream cipher designs: a review. Sci China Inf Sci, 2020, 63(3): 131101, https://doi.org/10.1007/s11432-018-9929-x 1 Introduction The widely applied e-commerce, e-government, along with the fast developing cloud computing, big data, have triggered high demands in both efficiency and security of information processing.
    [Show full text]
  • Higher Order Correlation Attacks, XL Algorithm and Cryptanalysis of Toyocrypt
    Higher Order Correlation Attacks, XL Algorithm and Cryptanalysis of Toyocrypt Nicolas T. Courtois Cryptography research, Schlumberger Smart Cards, 36-38 rue de la Princesse, BP 45, 78430 Louveciennes Cedex, France http://www.nicolascourtois.net [email protected] Abstract. Many stream ciphers are built of a linear sequence generator and a non-linear output function f. There is an abundant literature on (fast) correlation attacks, that use linear approximations of f to attack the cipher. In this paper we explore higher degree approximations, much less studied. We reduce the cryptanalysis of a stream cipher to solv- ing a system of multivariate equations that is overdefined (much more equations than unknowns). We adapt the XL method, introduced at Eurocrypt 2000 for overdefined quadratic systems, to solving equations of higher degree. Though the exact complexity of XL remains an open problem, there is no doubt that it works perfectly well for such largely overdefined systems as ours, and we confirm this by computer simula- tions. We show that using XL, it is possible to break stream ciphers that were known to be immune to all previously known attacks. For exam- ple, we cryptanalyse the stream cipher Toyocrypt accepted to the second phase of the Japanese government Cryptrec program. Our best attack on Toyocrypt takes 292 CPU clocks for a 128-bit cipher. The interesting feature of our XL-based higher degree correlation attacks is, their very loose requirements on the known keystream needed. For example they may work knowing ONLY that the ciphertext is in English. Key Words: Algebraic cryptanalysis, multivariate equations, overde- fined equations, Reed-Muller codes, correlation immunity, XL algorithm, Gr¨obner bases, stream ciphers, pseudo-random generators, nonlinear fil- tering, ciphertext-only attacks, Toyocrypt, Cryptrec.
    [Show full text]
  • 2022 Kientzler Catalog
    TRIOMIO – COLOR COMBOS WITH UNIFORM PERFORMANCESRMANCES The consumer's enthusiasm for these trendy, three-coloured combos remains extremely strong! SSUPERCALUPERCAL BIDENS BIDENSBIDENS DUO CYPERUS TRIOMIO SUPERCAL ‘Summer Sensation’ TRIOMIO ‘Tweety Pop’ Bidens Duo ‘Sunshine’ ‘Southern‘Southehern Blues’BBlues’ No. 7298: SUPERCAL No. 7210: Bidens ‘Tweety’, No. 7318: Bidens ‘Sweetie’ No. 7363: Cyperus ‘Cleopatra’, ‘Blue’, ‘Light Yellow’ and ‘Pink’ Verbena VEPITA™ ‘Blue Violet’ and ‘Scarlet’ and ‘Funny Honey’ SURDIVA® ‘Blue Violet’ and SURDIVA® ‘White’ CCALIBRACHOAALIBRACHOA PPOCKETOCKET™ CALIBRACHOACALIBRACHOA UNIQUEUNIQQUE CALENDN ULA Calibrachoa POCKET™ ‘Mini Zumba’ TRIOMIO ‘Zumba’ TRIOMIO ‘Mango Punch’ TRIOMIO CALENDULA ‘Color me Spring’ No. 6981: CALIBRACHOA POCKET™ No.o. 7217:: CaCalibrachoa a oa UNIQUEU QU No.o. 7311: Calibrachoa UNIQUE ‘Mango Punch’, No. 7236: Calendula ‘Power Daisy’, ‘Yellow’, ‘Blue’ and ‘Red’ ‘Golden‘Golden Yellow’, ‘Lilac’‘Lilac’ and ‘Dark‘Dark Red’Red’ ‘Golden Yellow’ and ‘Dark Red’ Calibrachoa ‘Lilac’ and ‘Dark Red’ NEMENEMESISIA SUS PERCAL TRIOMIO NESSIE PLUS ‘Alegria’ TRIOMIO BABYCAKE ‘Little Alegria’rii’a’ TRIOMIO SUPERCAL TRIOMIO SUPERCAL ‘Garden Magic’ No. 7200: Nemesia NESSIE PLUS No. 7202: Nemesia BABYCAKE ‘Little Coco’, No. 7221: SUPERCAL ‘Blushing Pink’, No. 7234: SUPERCAL ‘Light Yellow’, ‘White’, ‘Yellow’ and ‘Red’ ‘Little Banana’ and ‘Little Cherry’ ‘Cherryh Improved’ and ‘Dark Blue’ ‘Blue’ and ‘Cherry Improved’ SUPERCAL PREMIUM VEERBR ENENAA VEPPITA™ TRIOMIO SUPERCAL PREMIUM ‘Magic’ TRIOMIO SUPERCAL
    [Show full text]